Skip to content
Permalink
Browse files

[FIX] website_sale_delivery: fix public user access error on carrier

When public user is on payment page '/shop/carrier_rate_shipment' controller is
called to get delivery carrier rate. But public user has no access right on
`delivery.carrier`

closes #32977

Signed-off-by: Jérémy Kersten (jke) <jke@openerp.com>
  • Loading branch information...
msh-odoo authored and rdeodoo committed Apr 26, 2019
1 parent 3b1d7da commit 6113e2cb6e7de1fd36646db6ba91e2f21811e6d9
Showing with 3 additions and 1 deletion.
  1. +3 −1 addons/website_sale_delivery/controllers/main.py
@@ -31,8 +31,10 @@ def update_eshop_carrier(self, **post):

@http.route(['/shop/carrier_rate_shipment'], type='json', auth='public', methods=['POST'], website=True)
def cart_carrier_rate_shipment(self, carrier_id, **kw):
Monetary = request.env['ir.qweb.field.monetary']
order = request.website.sale_get_order(force_create=True)
assert int(carrier_id) in order._get_delivery_methods().ids, "unallowed carrier"
Monetary = request.env['ir.qweb.field.monetary']

res = {'carrier_id': carrier_id}
carrier = request.env['delivery.carrier'].sudo().browse(int(carrier_id))
rate = carrier.rate_shipment(order)

0 comments on commit 6113e2c

Please sign in to comment.
You can’t perform that action at this time.